#!/usr/bin/env python
# -*- coding:utf-8 -*-
# Reference: https://github.com/ydhcui/Scanver/blob/master/payloads/infobak.py

web_path_data = """
/crossdomain.xml
/debug.txt
/.env
/.bash_history
/.rediscli_history
/.bashrc
/.bash_profile
/.bash_logout
/.vimrc
/.DS_Store
/.history
/.htaccess
/htaccess.bak
/.htpasswd
/.htpasswd.bak
/htpasswd.bak
/nohup.out
/.mysql_history
/httpd.conf
/web.config
/server-status
/config/database.yml
/database.yml
/db.conf
/db.ini
/.svn/entries
/.git/config
/.git/index
/.git/HEAD
/.gitignore
/.ssh/known_hosts
/.ssh/id_rsa
/id_rsa
/.ssh/id_rsa.pub
/.ssh/id_dsa
/id_dsa
/.ssh/id_dsa.pub
/.ssh/authorized_keys
/readme
/README
/readme.md
/readme.html
/changelog.txt
/data.txt
/install
/install.txt
/INSTALL.TXT
/install.sh
/deploy.sh
/upload.sh
/setup.sh
/backup.sh
/rsync.sh
/sync.sh
/test.sh
/run.sh
/config.inc
/config.php.bak
/db.php.bak
/conf/config.ini
/config.ini
/config/config.ini
/configuration.ini
/configs/application.ini
/settings.ini
/application.ini
/conf.ini
/app.ini
/config.json
/application/configs/application.ini
/.idea/workspace.xml
/.idea/modules.xml
/a.out
/key
/keys
/key.txt
/temp.txt
/tmp.txt
/php.ini
/tmp
/sftp-config.json
/index.php.bak
/.index.php.swp
/index.cgi.bak
/config.inc.php.bak
/.config.inc.php.swp
/config/.config.php.swp
/.config.php.swp
/.settings.php.swp
/.database.php.swp
/.db.php.swp
/.mysql.php.swp
/cgi-bin
/app.cfg
/temp.zip
/temp.rar
/temp.tar.gz
/temp.tgz
/temp.tar.bz2
/package.zip
/package.rar
/package.tar.gz
/package.tgz
/package.tar.bz2
/tmp.zip
/tmp.rar
/tmp.tar.gz
/tmp.tgz
/tmp.tar.bz2
/test.zip
/test.rar
/test.tar.gz
/test.tgz
/test.tar.bz2
/backup.zip
/backup.rar
/backup.tar.gz
/backup.tgz
/back.tar.bz2
/db.zip
/db.rar
/db.tar.gz
/db.tgz
/db.tar.bz2
/db.inc
/db.sqlite
/db.sql.gz
/dump.sql.gz
/database.sql.gz
/backup.sql.gz
/data.sql.gz
/data.zip
/data.rar
/data.tar.gz
/data.tgz
/data.tar.bz2
/database.zip
/database.rar
/database.tar.gz
/database.tgz
/database.tar.bz2
/ftp.zip
/ftp.rar
/ftp.tar.gz
/ftp.tgz
/ftp.tar.bz2
/web.zip
/web.rar
/web.tar.gz
/web.tgz
/web.tar.bz2
/www.zip
/www.rar
/www.tar.gz
/www.tgz
/www.tar.bz2
/wwwroot.zip
/wwwroot.rar
/wwwroot.tar.gz
/wwwroot.tgz
/wwwroot.tar.bz2
/output.tar.gz
/admin.zip
/admin.rar
/admin.tar.gz
/admin.tgz
/admin.tar.bz2
/upload.zip
/upload.rar
/upload.tar.gz
/upload.tgz
/upload.tar.bz2
/website.zip
/website.rar
/website.tar.gz
/website.tgz
/website.tar.bz2
/package.zip
/package.rar
/package.tar.gz
/package.tgz
/package.tar.bz2
/sql.zip
/sql.rar
/sql.tar.gz
/sql.tgz
/sql.tar.bz2
/sql.7z
/data.sql
/database.sql
/db.sql
/test.sql
/admin.sql
/backup.sql
/dump.sql
/index.zip
/index.7z
/index.bak
/index.rar
/index.tar.tz
/index.tar.bz2
/index.tar.gz
/old.zip
/old.rar
/old.tar.gz
/old.tar.bz2
/old.tgz
/old.7z
/1.tar.gz
/a.tar.gz
/x.tar.gz
/o.tar.gz
/conf/conf.zip
/conf.tar.gz
/config.tar.gz
/proxy.pac
/server.cfg
/deploy.tar.gz
/build.tar.gz
/install.tar.gz
/site.tar.gz
/webroot.zip
/tools.tar.gz
/webserver.tar.gz
/htdocs.tar.gz
/src.tar.gz
/code.tar.gz
/phpinfo.php
/info.php
/pi.php
/i.php
/php.php
/mysql.php
/sql.php
/shell.php
/apc.php
/test.php
/test2.php
/test
/test.html
/test2.html
/test.txt
/test2.txt
/WEB-INF/web.xml
/WEB-INF/web.xml.bak
/WEB-INF/applicationContext.xml
/WEB-INF/applicationContext-slave.xml
/WEB-INF/config.xml
/WEB-INF/spring.xml
/WEB-INF/struts-config.xml
/WEB-INF/struts-front-config.xml
/WEB-INF/struts/struts-config.xml
/WEB-INF/classes/spring.xml
/WEB-INF/classes/struts.xml
/WEB-INF/classes/struts_manager.xml
/WEB-INF/classes/conf/datasource.xml
/WEB-INF/classes/data.xml
/WEB-INF/classes/config/applicationContext.xml
/WEB-INF/classes/applicationContext.xml
/WEB-INF/classes/conf/spring/applicationContext-datasource.xml
/WEB-INF/config/db/dataSource.xml
/WEB-INF/spring-cfg/applicationContext.xml
/WEB-INF/dwr.xml
/WEB-INF/classes/hibernate.cfg.xml
/WEB-INF/classes/rabbitmq.xml
/WEB-INF/conf/activemq.xml
/server.xml
/config/database.yml
/configprops
/WEB-INF/database.properties
/WEB-INF/web.properties
/WEB-INF/log4j.properties
/WEB-INF/classes/dataBase.properties
/WEB-INF/classes/application.properties
/WEB-INF/classes/jdbc.properties
/WEB-INF/classes/db.properties
/WEB-INF/classes/conf/jdbc.properties
/WEB-INF/classes/security.properties
/WEB-INF/conf/database_config.properties
/WEB-INF/config/dbconfig
/access.log
/www.log
/error.log
/log.log
/sql.log
/errors.log
/debug.log
/db.log
/install.log
/server.log
/sqlnet.log
/WS_FTP.log
/database.log
/data.log
/app.log
/log.tar.gz
/log.rar
/log.zip
/log.tgz
/log.tar.bz2
/log.7z
/env
/.env
/.ssh/
/phpmyadmin/index.php
/phpMyAdmin/index.php
/pma/index.php
"""
globals()['web_path_data'] = web_path_data.split()

class VulnChecker(VulnCheck):
    def __init__(self, ip_and_port_list):
        self._name = 'web_sensitive'
        self.info = "Scan the Web sensitive files and directorys"
        self.keyword = ['all', 'web', 'sensitive', 'scan']
        self.default_ports_list = WEB_PORTS_LIST
        VulnCheck.__init__(self, ip_and_port_list)

    def _check(self, ip, port):
        for path in web_path_data:
            url1 = 'http://%s:%s%s'%(ip, port, path) if add_web_path == "" else 'http://%s:%s/%s%s'%(ip, port, add_web_path, path)
            url2 = 'https://%s:%s%s'%(ip, port, path) if add_web_path == "" else 'https://%s:%s/%s%s'%(ip, port, add_web_path, path)
            try:
                req = Requester(url1)
                if req.code == 200 and check_200_or_404(url1):
                    self._output(ip, port, 'sensitive url: %s'%(url1))
            except RequesterOpenError:
                try:
                    req = Requester(url2)
                    if req.code == 200 and check_200_or_404(url2):
                        self._output(ip, port, 'sensitive url: %s'%(url2))
                except:
                    pass
            except:
                pass

globals()['VulnChecker'] = VulnChecker